@RJ
Created August 21, 2013 13:30
haproxy websockets config snippet
## GENERATED BY CHEF, DONT EDIT DIRECTLY
global
    log 127.0.0.1 local0
    log 127.0.0.1 local1 notice
    maxconn 10000
    user haproxy
    daemon

defaults
    log global
    mode http
    option httplog
    option forwardfor header X-Forwarded-For
    option dontlognull
    retries 0 # if we can't connect to backend, insta-fail, don't let haproxy retry.. ie, fail fast, since backends restarting takes a while anyway.
    option http-server-close # ignore server keepalive setting
    timeout server 40s # if nothing from backend server in 40s (we have idle timer <30s, so fine)
    timeout client 40s # boot clients at the same time as server gives up, if connection is borked
    timeout http-request 5s # slow-loris
    timeout connect 5s # making connections to backends
    timeout tunnel 60s # supersedes server/client timeouts after http UPGRADE to websocket (again, 30s idle msgs..)

frontend public-http
    bind :80
    redirect scheme https

frontend public-https
    mode http
    # RC4 is in the cipher list as the 2011-era BEAST workaround described at the link below; RFC 7465 has since prohibited RC4 in TLS.
    # https://community.qualys.com/blogs/securitylabs/2011/10/17/mitigating-the-beast-attack-on-tls
    bind :443 ssl crt /etc/.../example.com.pem ciphers ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
    use_backend..... etc...
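
The timeout comments in the config rely on a few relationships: idle timeouts longer than the application's 30s idle messages, matching client and server timeouts, a request timeout against slow-loris, and a tunnel timeout for upgraded websockets. The Python check below is an added example, not part of the original gist; the function names, the constructed WEAK sample and the 30s value passed as app_idle_ms are assumptions.

```python
import re

# HAProxy time suffixes; a bare number on a timeout line means milliseconds.
UNIT_MS = {"us": 0.001, "ms": 1, "s": 1000, "m": 60_000, "h": 3_600_000, "d": 86_400_000}

# Timeout lines copied from the gist's defaults section.
GIST_DEFAULTS = """
defaults
    timeout server 40s # if nothing from backend server in 40s
    timeout client 40s
    timeout http-request 5s # slow-loris
    timeout connect 5s
    timeout tunnel 60s
"""
# Constructed counter-example, not from the gist.
WEAK = """
defaults
    timeout server 20s
    timeout client 50000
"""

def parse_time_ms(value):
    """Convert an HAProxy time value such as '40s' or '5000' to milliseconds."""
    m = re.fullmatch(r"(\d+)(us|ms|s|m|h|d)?", value)
    if not m:
        raise ValueError(f"bad time value: {value!r}")
    return int(m.group(1)) * UNIT_MS[m.group(2) or "ms"]

def collect_timeouts(config_text):
    """Return {name: ms} for each 'timeout <name> <value>' line, comments stripped."""
    timeouts = {}
    for line in config_text.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) >= 3 and words[0] == "timeout":
            timeouts[words[1]] = parse_time_ms(words[2])
    return timeouts

def audit(timeouts, app_idle_ms):
    """Check the relationships the gist's comments rely on; return findings."""
    findings = []
    if "http-request" not in timeouts:
        findings.append("no 'timeout http-request': slow request headers are never cut off")
    for name in ("client", "server", "tunnel"):
        if name in timeouts and timeouts[name] <= app_idle_ms:
            findings.append(f"'timeout {name}' is not longer than the application idle interval")
    if "tunnel" not in timeouts:
        findings.append("no 'timeout tunnel': upgraded connections keep the client/server timeouts")
    if timeouts.get("client") != timeouts.get("server"):
        findings.append("'timeout client' and 'timeout server' differ")
    return findings
```

Calling `audit(collect_timeouts(GIST_DEFAULTS), 30_000)` returns no findings, while the WEAK sample produces four.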